<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>wireguard: NetworkManager Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="NetworkManager Reference Manual">
<link rel="up" href="ch01.html" title="Configuration Settings">
<link rel="prev" href="settings-802-3-ethernet.html" title="802-3-ethernet">
<link rel="next" href="settings-802-11-wireless.html" title="802-11-wireless">
<meta name="generator" content="GTK-Doc V1.33.1 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts">
<a href="#" class="shortcut">Top</a><span id="nav_properties">  <span class="dim">|</span> 
                  <a href="#settings-wireguard.properties" class="shortcut">
            Properties
        </a></span>
</td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="ch01.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="settings-802-3-ethernet.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="settings-802-11-wireless.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="settings-wireguard"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2>wireguard</h2>
<p>wireguard — WireGuard Settings</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="id-1.3.3.46.2"></a><h2>
            Properties
        </h2>
<div class="table">
<a name="id-1.3.3.46.2.2.1"></a><p class="title"><b>Table 80. </b></p>
<div class="table-contents"><table class="table" border="1">
<colgroup>
<col>
<col>
<col>
<col>
</colgroup>
<thead><tr>
<th>Key Name</th>
<th>Value Type</th>
<th>Default Value</th>
<th>Value Description</th>
</tr></thead>
<tbody>
<tr>
<td><pre class="screen">fwmark</pre></td>
<td><pre class="screen">uint32</pre></td>
<td><pre class="screen">0</pre></td>
<td>The use of fwmark is optional and is by default off. Setting it to 0 disables it. Otherwise, it is a 32-bit fwmark for outgoing packets.

Note that "ip4-auto-default-route" or "ip6-auto-default-route" enabled, implies to automatically choose a fwmark.</td>
</tr>
<tr>
<td><pre class="screen">ip4-auto-default-route</pre></td>
<td><pre class="screen">NMTernary (int32)</pre></td>
<td><pre class="screen"></pre></td>
<td>Whether to enable special handling of the IPv4 default route. If enabled, the IPv4 default route from wireguard.peer-routes will be placed to a dedicated routing-table and two policy routing rules will be added. The fwmark number is also used as routing-table for the default-route, and if fwmark is zero, an unused fwmark/table is chosen automatically. This corresponds to what wg-quick does with Table=auto and what WireGuard calls "Improved Rule-based Routing".

Note that for this automatism to work, you usually don't want to set ipv4.gateway, because that will result in a conflicting default route.

Leaving this at the default will enable this option automatically if ipv4.never-default is not set and there are any peers that use a default-route as allowed-ips. Since this automatism only makes sense if you also have a peer with an /0 allowed-ips, it is usually not necessary to enable this explicitly. However, you can disable it if you want to configure your own routing and rules.</td>
</tr>
<tr>
<td><pre class="screen">ip6-auto-default-route</pre></td>
<td><pre class="screen">NMTernary (int32)</pre></td>
<td><pre class="screen"></pre></td>
<td>Like ip4-auto-default-route, but for the IPv6 default route.</td>
</tr>
<tr>
<td><pre class="screen">listen-port</pre></td>
<td><pre class="screen">uint32</pre></td>
<td><pre class="screen">0</pre></td>
<td>The listen-port. If listen-port is not specified, the port will be chosen randomly when the interface comes up.</td>
</tr>
<tr>
<td><pre class="screen">mtu</pre></td>
<td><pre class="screen">uint32</pre></td>
<td><pre class="screen">0</pre></td>
<td>If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple fragments.

If zero a default MTU is used. Note that contrary to wg-quick's MTU setting, this does not take into account the current routes at the time of activation.</td>
</tr>
<tr>
<td><pre class="screen">peer-routes</pre></td>
<td><pre class="screen">boolean</pre></td>
<td><pre class="screen">TRUE</pre></td>
<td>Whether to automatically add routes for the AllowedIPs ranges of the peers. If TRUE (the default), NetworkManager will automatically add routes in the routing tables according to ipv4.route-table and ipv6.route-table. Usually you want this automatism enabled. If FALSE, no such routes are added automatically. In this case, the user may want to configure static routes in ipv4.routes and ipv6.routes, respectively.

Note that if the peer's AllowedIPs is "0.0.0.0/0" or "::/0" and the profile's ipv4.never-default or ipv6.never-default setting is enabled, the peer route for this peer won't be added automatically.</td>
</tr>
<tr>
<td><pre class="screen">peers</pre></td>
<td><pre class="screen">array of 'a{sv}'</pre></td>
<td><pre class="screen"></pre></td>
<td>Array of dictionaries for the WireGuard peers.</td>
</tr>
<tr>
<td><pre class="screen">private-key</pre></td>
<td><pre class="screen">string</pre></td>
<td><pre class="screen"></pre></td>
<td>The 256 bit private-key in base64 encoding.</td>
</tr>
<tr>
<td><pre class="screen">private-key-flags</pre></td>
<td><pre class="screen">NMSettingSecretFlags (uint32)</pre></td>
<td><pre class="screen"></pre></td>
<td>Flags indicating how to handle the "private-key" property.</td>
</tr>
</tbody>
</table></div>
</div>
<p><br class="table-break"></p>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div>
</body>
</html>